I just did a simple setup using minimal rules, I'm doing tests with the rules dealing with the handling of SSL certificates, this worked correctly, but a security error page is always being displayed in the browser every time you connect to a new web page that uses https, after ignoring the security warning the page opens normally, the directory cache of certificates is working properly too, I saw being generated dynamic certificates, I realized that Some sites like "google.com" not generate the problem of security warning in the browser but to my surprise when typing "www.google.com" and generated a new certificate in the cache (/ var / lib / squid_ssl_db) and an "Error code: sec unknown_issuer" and displayed, I'm using the "server-first ssl_bump all" before when I put "client-first ssl_bump all", was displayed a different error, what should I do to fix these errors?, I'm putting down the configuration I'm using and a image page warning. <http://squid-web-proxy-cache.1019090.n4.nabble.com/file/n4661890/shot-2013-09-01_20-01-17.jpg> https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/ifal.pem http_port 3129 http_port 3128 intercept acl rede_ifal src 192.168.0.0/16 always_direct allow all acl facebook dstdomain .facebook.com .facebook.com.br #ssl_bump deny facebook ssl_bump server-first all #acl certificados_confiaveis dstdomain .google.com .google.com.br .facebook.com .facebook.com.br .bb.com .bb.com.br #sslproxy_cert_error allow certificados_confiaveis #acl certificado_ruim ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH #sslproxy_cert_error deny certificado_ruim certificados_confiaveis #sslproxy_cert_error allow certificado_ruim sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /var/lib/squid_ssl_db -M 4MB sslcrtd_children 10 acl https proto https http_access deny facebook https rede_ifal http_access allow rede_ifal http_access deny all debug_options ALL,1 33,2 28,9 -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/how-to-configure-squid3-transparent-web-proxy-ssl-https-how-to-block-sites-using-ssl-tp4661857p4661890.html Sent from the Squid - Users mailing list archive at Nabble.com.
